对服务进行身份验证。Authenticate a service.常常使用这种身份验证方法的应用程序是运行守护程序服务、中间层服务或计划作业的应用：Web 应用、函数应用、逻辑应用、API 或微服务。Applications that commonly use this authentication method are apps that run daemon services, middle-tier services, or scheduled jobs: web apps, function apps, logic apps, APIs, or a microservice.

用户身份验证User authentication

验证使用应用程序与媒体服务资源进行交互的用户。Authenticate a person who is using the app to interact with Media Services resources.交互式应用程序应首先提示用户输入凭据。The interactive application should first prompt the user for credentials.例如，授权用户用来监视编码作业或实时传送视频流的管理控制台应用程序。An example is a management console app used by authorized users to monitor encoding jobs or live streaming.

使用 Azure 门户Use the Azure portal

API 访问API access

在“API 访问”页中，可以选择用于连接 API 的身份验证方法。 The API access page lets you select the authentication method you want to use to connect to the API.此页还提供连接到 API 所需的值。The page also provides the values you need to connect to the API.

管理 Azure AD 应用和机密Manage your Azure AD app and secret

在“管理 AAD 应用和机密”部分，可以选择或新建 Azure AD 应用并生成机密。 The Manage your AAD app and secret section lets you select or create a new Azure AD app and generate a secret.出于安全方面的原因，关闭边栏选项卡后，无法显示机密。For security purposes, the secret cannot be shown after the blade is closed.应用程序使用应用程序 ID 和机密进行身份验证，以获取媒体服务的有效令牌。The application uses the application ID and secret for authentication to obtain a valid token for media services.

务必拥有足够的权限，以便向 Azure AD 租户注册应用程序，并将应用程序分配给 Azure 订阅中的角色。Make sure that you have sufficient permissions to register an application with your Azure AD tenant and to assign the application to a role in your Azure subscription.有关详细信息，请参阅所需权限。For more information, see Required permissions.

连接到媒体服务 APIConnect to Media Services API

“连接到媒体服务 API”提供用于连接服务主体应用程序的值。 The Connect to Media Services API provides you with values that you use to connect your service principal application.可以获取文本值，或者复制 JSON 或 XML 块。You can get text values or copy the JSON or XML blocks.

用户身份验证User authentication

此选项可用于对某个使用应用来与媒体服务资源交互的 Azure Active Directory 员工或成员进行身份验证。This option could be used to authenticate an employee or member of an Azure Active Directory who is using an app to interact with Media Services resources.交互式应用程序应先提示用户输入用户凭据。The interactive application should first prompt the user for the user's credentials.此身份验证方法只可用于管理型应用程序。This authentication method should only be used for Management applications.

CLICLI

登录Sign in

使用本地安装的 CLI 需要登录到 Azure。Using a local install of the CLI requires signing in to Azure.使用 az login 命令登录。Sign in with the az login command.

如果 CLI 可以打开默认的浏览器，则它会打开该浏览器并加载登录页。If the CLI can open your default browser, it will do so and load a sign-in page.否则，你需要打开一个浏览器页面，在浏览器中导航到 https://microsoft.com/deviceloginchina 后，按照有关命令行的说明输入授权代码。Otherwise, you need to open a browser page and follow the instructions on the command line to enter an authorization code after navigating to https://microsoft.com/deviceloginchina in your browser.

访问媒体服务 APIAccess the Media Services API

若要连接到 Azure 媒体服务 API，请使用 Azure AD 服务主体身份验证。To connect to Azure Media Services APIs, you use the Azure AD service principal authentication.以下命令创建 Azure AD 应用程序并将服务主体附加到帐户。The following command creates an Azure AD application and attaches a service principal to the account.应使用返回的值配置应用程序。You should use the returned values to configure your application.

在运行脚本之前，应将 amsaccount 和 amsResourceGroup 替换为在创建这些资源时选择的名称。Before running the script, you should replace the amsaccount and amsResourceGroup with the names you chose when creating these resources.amsaccount 是要向其附加服务主体的 Azure 媒体服务帐户的名称。amsaccount is the name of the Azure Media Services account where to attach the service principal.

如果你有权访问多个订阅，请先将活动订阅设置为在其中创建了媒体服务帐户的订阅。If you have access to multiple subscriptions, first set the active subscription to the subscription where the Media Services account was created.